National Computer Security Conference, Baltimore, MD, September 21-24, 1987

The National Bureau of Standards (NBS) Institute for Computer Sciences and Technology (ICST) and Department of Defense (DOD) National Computer Security Center (NCSC) jointly sponsored the Tenth National Computer Security Conference, September 21-24, 1987. Previously this annual conference was held at the NBS. Over the last several years attendance increased dramatically, and for the first time the conference was held at the Baltimore Convention Center. Attendance exceeded 1,600, making this computer security conference the largest ever held.

About the Conference 

The conference program was organized around the theme, "Computer Security - From Principles to Practices." The topics covered included research, new vendor products, technical, management, administrative, and educational aspects of computer security. Many of the papers presented at this conference addressed topics that will support the defense community, yet other issues such as ethics in computer security, privacy, risk management, contingency planning, and education were addressed and were of value to business and the civil sector of the government. Sessions addressing these topics were well attended.

There was a high interest in network security, and several technical papers described the work on the Secure Data Network System (SDNS). The SDNS project was initiated last year by the National Security Agency (NSA) with the NBS, the Defense Communications Agency (DCA), and 12 communications and computer companies. Within the framework of the SDNS program, government and industry have joined to make products available that will support security services for distributed data processing networks.

The presentations were organized into two parallel tracks, one of which addressed managerial computer security issues and the other technical issues. A third track with occasional special sessions was also provided. This arrangement allowed participants a wide choice of topics. The last day of the conference provided an opportunity for attendees to organize and participate in special interest groups.

For the first time, a unique "Poster Session" was offered. This session provided an opportunity for participants to speak for 2 minutes on any computer security related subject. Many speakers participated enthusiastically. As a result, the poster session will be included in next year's program.

Speakers represented computer industry leaders, computer security practitioners, and researchers from the United States and abroad. Brief summaries of a few specific contributions follow.

Opening the Conference 

ICST Director James Burrows and NCSC Director Patrick Gallagher welcomed the conference participants. In his talk Burrows stressed the importance of improving network security as use of networks grows. Burrows spoke of how ICST initiated a program in the late 1970s to meet user needs to interconnect different manufacturers' equipment and systems in distributed data processing networks. The Open Systems Interconnection (OSI) standards development has been carried out by national and international committees with ICST assistance. Burrows further stated that the NBS Workshop for Implementors of OSI was organized in 1983 to start a cooperative effort with industry to build compatible commercial products. Burrows stressed that the improved connectivity brought about by OSI must be accompanied by essential protective measures. He encouraged industry and government to identify their requirements for protocols that will support security services in open systems. Burrows stated that NBS will continue its work with NSA to assure compatibility and proper performance of protocols.

Gallagher also discussed the importance of network security. He announced a recent publication produced by the NCSC, "Trusted Network Interpretation." This document, referred to as the "Red Book," was developed to provide a standard to manufacturers and users on the security features and assurance levels that are needed in commercial network products. Gallagher further discussed how the NCSC works closely with U.S. computer manufacturers encouraging the building of "trust" into the hardware and software of computer systems. He further stated that the "Orange Book" (formally, Trusted Computer System Evaluation Criteria), which established a set of basic requirements and evaluation classes for assessing the effectiveness of security controls built into computer systems, continues to be the cornerstone for the Center's evaluation program. Gallagher called for continued cooperative efforts of the government, industry, and academe to build trust into computer systems.

The keynote speaker was U.S. Representative Dave McCurdy (D-Oklahoma). Rep. McCurdy chairs the House Subcommittee on Transportation, Aviation and Materials, which has jurisdiction for communications research and development. It is from this basis, McCurdy explained, that the Subcommittee began an in-depth examination of the issues in computer and communications security and privacy within the Federal government. Hearings before the Transportation Subcommittee revealed that computer security in the Federal government needed improvement. This led to the introduction of legislation that became known as HR 145, The Computer Security Act of 1987. McCurdy explained that the bill starts not only from the premise that computer security in the Federal government needs improvement but that it can benefit from stronger centralized leadership. The bill assigns responsibility for protecting unclassified government computer information to NBS and the protection of classified information to the NSA. Rep. McCurdy reported that HR 145 passed the House and the next step is consideration by the Senate. He called on industry and Federal agencies to continue building on technology to strengthen computer security in the government. He emphasized that the technical capabilities and assistance of both the NCSC and NBS are essential to meeting national computer security goals.



Network Security 

Dennis Branstad, NBS Computer Science Fellow, presented a tutorial on the Open Systems Interconnection (OSI) computer network architecture. Branstad explained that the security services being developed for OSI will assure that data being transmitted from one OSI system to another will be protected against modification, disclosure, replay, and undetected loss. He described the seven-layered OSI communications model connecting hosts in star configurations, LANs and LAN bridges, ring configurations, and gateways. Cryptographic procedures were also discussed.

Several technical papers highlighted the work on the SDNS project. This project, as presented by Gary Tater, NCSC, focuses on designing the next generation of secure computer communications network and product specifications to be implemented for applications utilizing both public and private data networks. Tater explained that one of the primary goals of the program is to assist and encourage industry in developing a wide variety of cost-effective communications products and systems that meet OSI standards. Tater reported that the project is advancing well and predicted it would result in data security protocols and products by 1990.



Insider Threat 

A panel addressed the issue of "insider threats." Allan Clyde, a Washington businessman, explained that managing the risks arising from insiders on sensitive computer systems is growing in importance. Clyde reviewed the work being done in the field and proposed a system of analysis to identify suspicious events. This method would perform continuous capture and encryption of all keystrokes for each user. Clyde concluded that full-system surveillance can be achieved cost-effectively with high performance products that do not represent an excessive burden to the system.

James Anderson, a computer security consultant, contends that surveillance is not effective since a user with a high degree of expertise can operate below the surveillance level. He asserted that systems certified at the B2 and B3 levels circumvented the need for surveillance. Another panelist, Priscilla Regan, U.S. Congress Office of Technology Assessment, stated that surveillance could mean an invasion of privacy. She proposed that deterrence mechanisms be used instead of surveillance and that if used, surveillance not be concealed. This panel discussion clearly demonstrated there are no perfect solutions to the insider threat problem.



Computer Viruses 

In addition to the insider threat problem, potential solutions to other kinds of threats were discussed. Howard Israel, NCSC, theorized that any protection mechanism used to detect a Trojan Horse threat will work to detect a computer virus as well. Israel pointed out that a virus attack generally causes more damage than a Trojan Horse because more computers or more computer programs are involved in a virus attack. During this presentation, Israel reviewed several virus research activities. He concluded that a well-defined security policy used in conjunction with trusted software can provide reasonable protection against virus and Trojan Horse attacks.
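To make Israel's point concrete, the following added example (not code from the report or from Israel's presentation) models one protection mechanism of the kind he describes: a baseline of cryptographic digests over a set of trusted programs, checked against their current contents. The program set, the "Trojan Horse" substitution and the "virus" propagation are all constructed here for illustration. The same check flags both cases; the difference is only in how many programs it reports, which is the extra damage Israel attributes to a virus.

```python
import hashlib

# Constructed sample "program files" (name -> contents); stand-ins for the
# trusted software a security policy would protect. Not from the report.
TRUSTED_PROGRAMS = {
    "login": b"login v1: authenticate user, check password",
    "ls": b"ls v1: list directory",
    "mail": b"mail v1: send and receive messages",
    "cc": b"cc v1: compile C source",
}


def build_baseline(programs):
    """Record a SHA-256 digest of every trusted program.

    The baseline is what the policy trusts; it must be captured while the
    programs are known-good and stored where the checked system cannot
    rewrite it, or the check proves nothing.
    """
    return {name: hashlib.sha256(body).hexdigest()
            for name, body in programs.items()}


def check_integrity(baseline, programs):
    """Compare current program contents against the baseline.

    Returns a sorted list of (kind, name) findings, where kind is
    'modified' (digest changed), 'missing' (baselined program gone) or
    'unexpected' (program present that was never baselined).
    """
    findings = []
    for name, digest in baseline.items():
        if name not in programs:
            findings.append(("missing", name))
        elif hashlib.sha256(programs[name]).hexdigest() != digest:
            findings.append(("modified", name))
    for name in programs:
        if name not in baseline:
            findings.append(("unexpected", name))
    return sorted(findings)


def trojan_horse_scenario(programs):
    """Constructed scenario: a single program is replaced by a look-alike
    that still does its advertised job but also carries a hidden function."""
    tampered = dict(programs)
    tampered["login"] = programs["login"] + b" ; hidden: copy password elsewhere"
    return tampered


def virus_scenario(programs):
    """Constructed scenario: self-replicating code has appended itself to
    every executable it could find, so many programs change at once."""
    marker = b" ; VIRUS: locate other executables and append this block"
    return {name: body + marker for name, body in programs.items()}


def demo():
    """Run the integrity check against a clean system and both scenarios.

    Returns (clean_findings, trojan_findings, virus_findings).
    """
    baseline = build_baseline(TRUSTED_PROGRAMS)
    clean = check_integrity(baseline, TRUSTED_PROGRAMS)
    trojan = check_integrity(baseline, trojan_horse_scenario(TRUSTED_PROGRAMS))
    virus = check_integrity(baseline, virus_scenario(TRUSTED_PROGRAMS))
    return clean, trojan, virus


if __name__ == "__main__":
    clean, trojan, virus = demo()
    print("clean system:", clean)          # []
    print("trojan horse:", trojan)         # one modified program
    print("virus:", virus)                 # every program modified
```

The check is deliberately content-based rather than behaviour-based: it does not need to know what the hidden code does, only that a trusted program no longer matches what the policy approved. That is the property that lets one mechanism serve both threats.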



Risk Assessment 

Robin Moses, UK Central Computer and Telecommunications Agency (CCTA), and Rodney Clark, BIS Applied Systems LTD, jointly presented a risk analysis methodology, called CRAMM, developed for use in the United Kingdom. CRAMM is designed for the novice risk analyst and combines a baseline "code of good management practices" with a qualitative risk analysis method. CRAMM is threat oriented and emphasizes consequential as well as direct losses. A questionnaire with scales of 1-10 is used to evaluate the vulnerabilities and risks in the system.

Sylvan Pinsky, Senior Scientist for the Office of Research and Development, NCSC, discussed current efforts by the Federal government in the area of computer risk management. Pinsky announced the cooperative efforts of NBS and NCSC in establishing a Risk Management Laboratory. Pinsky highlighted that the primary goal of the laboratory will be to conduct research in risk management techniques and methodologies and to transfer the results of that research to government and private sector organizations. Another related activity being considered is to assist agencies in the selection and use of commercial risk management software. The laboratory, which will be located at NBS, may also provide a clearinghouse for information on risk analysis and management for the Federal government.



Contingency Planning 

A special session on contingency planning provided lively discussions on developing computer contingency plans. Ray Pardo, Bechtel Eastern Power Corporation, presented a "fast track" approach (6 months to a year) for implementing a contingency plan. Fast track, as described by Pardo, is targeted toward developing a workable and tested contingency plan for truly critical applications and for a specific range of contingencies. Pardo discussed the advantages of the fast track approach and outlined a method for implementing the plan. Pardo emphasized that unlike other contingency planning methodologies where the benefits of the plan are delayed for 1 to 2 years, "fast track" quickly reaches the crucial testing phase.

Thomas Judd, Federal Reserve System Contingency Processing Center, discussed innovative strategies for returning to "business as usual" for those critical organizations that affect the entire society, i.e., utilities, securities firms, and military command and control. Judd suggested that contingency planning be extended beyond the "cook book" approach. His fundamental belief is that the ability to return to normalcy lies in the commitment of senior management, and that the planning, testing, and training must remain dynamic to the degree that they match the changing business environment.

Training and Awareness

Several papers addressed the importance of computer security training and awareness. Elizabeth Markey, U.S. Department of State, described the approach her organization has taken to train their personnel to counter risks that threaten the organization's computer systems. Markey explained that a series of carefully structured systems security seminars and briefings are held for all levels of personnel, including managers, line security personnel, and users. Markey described a 2-hour briefing that is presented to Executive Directors; a 4-day seminar for Regional Security Officers; and a 1- to 2-hour briefing for all new employees.

Eliot Sohmer, NCSC, described the computer security curriculum being developed there. The course is modular and addresses both non-technical and technical issues. Not unlike the training and awareness program developed by Department of State, NCSC's training plan is designed to meet the needs of various categories of personnel ranging from product evaluators to research and development specialists to clerical and administrative assistants. It is planned that each training module will be videotaped and will be available to other government agencies, universities, and vendors.



DOD Computer Security Research and Development Programs

A panel summarized the progress and plans for research and development in the Federal government in the areas of secure architectures, data base management systems (DBMS), networks, modeling and verification, and aids to evaluation.



Data Base Management Security 

A joint paper, "Data Integrity vs Data Security," by Rhonda Henning and Swen Walker, NCSC, summarized past and current thoughts on these two subjects. Henning pointed out that the presence of a trusted operating system does not guarantee that the DBMS can be used to share information in a trusted way. She stated that the integrity concerns were not sufficiently addressed by conventional secrecy policies. Henning reviewed several integrity policy alternatives, concluding that few have actually proven successful in operational environments. She recommended that each application be examined to determine which integrity policy best fits its requirements. Henning further suggested that a combination of integrity policies may be more appropriate.



Social Issues and Ethics 

Two papers addressed social issues and ethics in computer security. Dorothy Denning presented a joint paper she wrote with Peter Neumann and Donn Parker, SRI International. Denning examined the social aspects of computer security with respect to the computerized monitoring technologies being developed. She spoke of how many users respond negatively to computer security because they view it as interfering with their productivity and in some cases a violation of their rights. She said these problems stem from a misalignment of the concerns and values of management with those of their employees on the effects of security policies and mechanisms. She believes that the use of security surveillance of computer users could increase this misalignment. Denning recommended that threat monitoring techniques be carefully applied to preserve the rights of privacy and freedom from intrusion and should avoid creating an atmosphere that leads to employee suspicion and dissatisfaction. She further stated that while monitoring users' activities is necessary for accountability and detection of irregularities, threat monitoring must be done with informed consent. Denning also suggested that organizations align their security policies with computer users outside the organization. She suggested setting up a computer system somewhere in the world which offered programming games with prizes and recognition of winners. The purpose is to provide more healthy outlets for the non-malicious hacker. Denning concluded that it is vital that the technological and social considerations be balanced so that serious problems may be avoided.

Marlene Campbell, Murray State University, discussed the need to bring ethics into the classroom and the workplace. Campbell emphasized the need to train our young people in the ethics of protecting our computer systems. She illustrated through several examples that a lack of ethics is a cause of computer crime. Campbell concluded that while security mechanisms and laws are provided to temper the activities of computer users, the truly binding controls rest with the professional ethics of each user.



Journal of Research of the National Bureau of Standards, Volume 93, Number 1, January-February 1988



Hacker Problem 

Ken McLeod, a former Arizona sheriff who was involved in numerous computer fraud cases and is now a consultant on computer crime issues, provided a dramatic finale to the conference. McLeod presented videos of criminal interrogations and a "hacker" at work. His presentation provided a vivid understanding of the malicious hacker problem.



For More Information 

Proceedings from this conference are available upon request. You may write or call Irene Isaac, NBS, ICST, Building 225, Room B266, Gaithersburg, MD 20899; (301) 975-3360.

The following documents may be ordered from the NCSC:

1. Proceedings, 10th National Computer Security Conference, 21-24 September 1987.

2. Department of Defense Trusted Computer System Evaluation Criteria, DOD 5200.28-STD, December 1985.

3. Trusted Network Interpretation of the Trusted Computer System Evaluation Criteria, NCSC-TG-005, Version 1, 31 July 1987.

Irene E. Isaac

Institute for Computer Sciences and Technology 
National Bureau of Standards 
Gaithersburg, MD 20899 